Privacy Policy
Effective Date: February 18, 2026 · Last Updated: February 18, 2026
Suncraft Collective LLC d/b/a Steady Wealth (“Company,” “we,” “us,” or “our”) operates Steady Wealth (the “Service”), a private net worth tracking application available at steadywealth.app. This Privacy Policy explains how we collect, use, share, and protect your personal information.
We are committed to your privacy. Steady Wealth was built on the principle that your financial data belongs to you and no one else. We do not connect to your bank accounts, and we do not sell your personal information.
1. Information We Collect
1.1 Information You Provide Directly
- Account information: Full name, email address, and password when you create an account.
- Financial data: Account names, institution names, account types, balances, and category classifications that you manually enter.
- Portfolio data: Security symbols, quantities, and position values that you enter or confirm.
- Screenshots: Images you optionally upload for OCR-assisted data entry (processed transiently — see Section 5).
- Preferences: Currency setting, reminder day, subscription plan selection.
- Communications: Any information you provide when contacting support.
1.2 Information Collected Automatically
- Usage analytics: Page views and feature usage events via Vercel Analytics (anonymized, no cookies, no personal identifiers).
- Error data: Application errors, stack traces, and browser metadata via Sentry (used solely for bug fixes and performance improvements).
- Authentication cookies: Session cookies necessary for maintaining your login state (managed by Supabase Auth).
- Server logs: IP address, browser type, operating system, and access timestamps (standard web server logs).
1.3 Information We Do NOT Collect
- Bank account credentials or login information
- Social Security numbers or government IDs
- Credit card numbers (handled entirely by Stripe)
- Location data or GPS coordinates
- Contacts, photos, or other device data
- Browsing history outside of the Service
2. How We Use Your Information
We use your information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate the Service | Contract performance |
| Process your subscription payments | Contract performance |
| Calculate and display net worth analytics | Contract performance |
| Process screenshots for OCR data extraction | Consent (you initiate upload) |
| Fetch reference prices for securities and properties | Legitimate interest |
| Send transactional emails (password reset, reminders) | Contract performance |
| Monitor and fix errors and performance issues | Legitimate interest |
| Analyze anonymized usage patterns to improve the Service | Legitimate interest |
| Comply with legal obligations | Legal obligation |
We do not use your financial data to build advertising profiles, train machine learning models, or for any purpose beyond providing the Service to you.
3. How We Share Your Information
We share your information only with the third-party service providers necessary to operate the Service. We do not sell, rent, or trade your personal information.
| Provider | Data Shared | Purpose |
|---|---|---|
| Supabase | Account info, financial data, preferences | Database hosting & authentication |
| Stripe | Email, subscription plan, payment method | Payment processing & billing |
| Anthropic | Uploaded screenshot images (transient) | OCR text extraction |
| Vercel | Anonymized page view & event data | Hosting & anonymous analytics |
| Sentry | Error data, browser metadata, user ID | Error tracking & debugging |
| Yahoo Finance | Ticker symbols (no user identity) | Security price lookups |
| Zillow | Property addresses (no user identity) | Property value estimates |
We may also disclose your information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4. We Do Not Sell Personal Information
We do not sell, rent, or trade your personal information to any third party for any purpose.
This applies under all applicable privacy laws, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). We have not sold personal information in the preceding 12 months and have no plans to do so.
Our business model is subscription revenue, not data monetization. Your financial data is used solely to provide the Service to you.
5. Data Retention
- Active account data: Your financial data, preferences, and account information are retained for as long as your account is active.
- Account deletion: When you delete your account, all your personal data and financial records are permanently deleted from our database within 30 days. Some anonymized, aggregated data may be retained for analytics purposes.
- Screenshot images: Uploaded images are processed transiently in memory via the Anthropic API and are never stored on our servers. Anthropic may retain API inputs for up to 30 days for trust and safety purposes per their data retention policy.
- Stripe billing data: Stripe retains billing and transaction records for up to 7 years as required by financial regulations. This data is governed by Stripe's Privacy Policy.
- Sentry error data: Error reports are retained for up to 90 days and then automatically purged.
- Server logs: Standard server logs are retained for up to 30 days.
6. Data Security
We implement the following security measures to protect your data:
- Encryption in transit: All data is transmitted over TLS (HTTPS).
- Encryption at rest: Data is stored in encrypted databases managed by Supabase (built on AWS infrastructure).
- Row-Level Security (RLS): Database-level policies ensure you can only access your own data. No other user, including administrators, can access your financial records through the application.
- Password security: Passwords are hashed using bcrypt and are never stored in plain text.
- Transient OCR processing: Screenshot images are sent directly to the Anthropic API for processing and are never stored on our servers.
- No bank credentials: We never collect or store bank login credentials, eliminating an entire category of security risk.
While we take reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Your Rights
7.1 Rights for All Users
Regardless of your location, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete personal data.
- Delete your account and all associated data.
- Export your data in a portable format (available on paid plans).
- Withdraw consent for optional data processing (e.g., screenshot uploads).
7.2 Additional Rights Under GDPR (EEA/UK Users)
If you are located in the European Economic Area or United Kingdom, you also have the right to:
- Restrict processing of your personal data in certain circumstances.
- Object to processing based on legitimate interest.
- Data portability — receive your data in a structured, machine-readable format.
- Lodge a complaint with your local data protection authority.
- Not be subject to automated decision-making that produces legal effects (see Section 12).
7.3 Additional Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose.
- Delete your personal information (subject to certain exceptions).
- Opt out of the sale of personal information — though we do not sell your data.
- Non-discrimination — we will not discriminate against you for exercising your rights.
- Correct inaccurate personal information.
- Limit the use of sensitive personal information — we do not use sensitive personal information for purposes beyond what is necessary to provide the Service.
To exercise any of these rights, contact us at privacy@steadywealth.app. We will respond within 30 days (or 45 days for CCPA requests, with notice of extension if needed).
8. Cookies & Tracking Technologies
Steady Wealth uses a minimal approach to cookies and tracking:
| Cookie/Technology | Purpose | Type |
|---|---|---|
| Supabase auth cookies | Maintain your login session | Essential / Strictly necessary |
| Vercel Analytics | Anonymous page view analytics | Analytics (no cookies, privacy-focused) |
We do not use:
- Third-party advertising cookies
- Social media tracking pixels
- Cross-site tracking technologies
- Fingerprinting or similar identification techniques
9. International Data Transfers
Steady Wealth is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States where our servers and service providers are located.
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on the following transfer mechanisms to ensure adequate protection of your personal data:
- EU-US Data Privacy Framework (DPF) where applicable
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Service provider certifications and data processing agreements
By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate, subject to the protections described in this Privacy Policy.
10. Children's Privacy
The Service is not directed to children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@steadywealth.app.
11. Data Breach Notification
In the event of a data breach that affects your personal information:
- GDPR (EEA/UK users): We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.
- CCPA (California residents): We will notify affected individuals without unreasonable delay, consistent with the legitimate needs of law enforcement and any measures necessary to determine the scope of the breach.
- All users: We will notify affected users via email and, where appropriate, post a notice on the Service.
12. Automated Decision-Making
Steady Wealth does not make automated decisions that produce legal effects or similarly significant effects concerning you.
The screenshot OCR feature uses artificial intelligence (Anthropic Claude) to extract text and numbers from uploaded images. However, this is an assistive tool only:
- All OCR-extracted values are presented to you for review before being saved.
- You have full control to accept, modify, or reject any extracted values.
- No financial decisions, account actions, or data changes are made without your explicit approval.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (to the address associated with your account) or by posting a prominent notice on the Service at least 30 days before the changes take effect.
We will update the “Last Updated” date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
14. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Privacy inquiries: privacy@steadywealth.app
- General support: support@steadywealth.app
- Legal inquiries: legal@steadywealth.app
Data Protection Officer: For GDPR-related inquiries, you may contact our data protection officer at privacy@steadywealth.app.